Cross-Site Scripting Vulnerability in MantisBT Software by MantisBT
CVE-2020-16266
5.4 MEDIUM
What is CVE-2020-16266?
A Cross-Site Scripting (XSS) vulnerability exists in MantisBT prior to version 2.24.2 due to improper data escaping in the view_all_bug_page.php file. This flaw enables a remote attacker to inject malicious HTML code into the application by manipulating a Custom Field. As a result, any user who views the affected issue may inadvertently execute harmful scripts in their browser, especially if Content Security Policy (CSP) settings do not adequately restrict such actions.